|
|
This appendix describes the configuration options for the bundled SESM RADIUS server. Topics are:
The bundled SESM RADIUS server is installed by default in both RADIUS and LDAP mode installations. None of the SESM installation parameters affects the default configuration of the bundled SESM RADIUS server.
The installed location of configuration files and startup scripts that support the bundled SESM RADIUS server is the tools directory under your SESM installation directory:
tools
bin
startAAA
config
aaa.xml
erp.xml
aaa.properties
The bundled SESM RADIUS server requires a profile file in MERIT format.
The default configuration points to the aaa.properties file, a sample MERIT file installed with RDP. You can change this to point to a different file by changing the aaaFilename attribute in the AAA MBean. For example, you could point to the demo.txt file in the NWSP directory.
The bundled SESM RADIUS server loads the contents of the profile file during startup. You must restart the RADIUS server if:
All SESM applications, including the bundled SESM RADIUS server, internally predefine the standard RADIUS attributes and the Cisco vendor-specific attributes (VSAs) listed in Table C-2 and Table C-3.
To define additional attributes, such as Cisco VSAs not included in the above-referenced tables or other vendor VSAs:
 |
Note You can edit the start script, inserting a default port number. In that case, you do not need to specify portNumber on the command line. |
The bundled SESM RADIUS server uses the following MBeans:
To change attributes in these MBeans, you can either:
tools
config
aaa.xml
erp.xml
|
Note The installation process does not add a link on the CDAT main window to this Agent View. You can add this link manually as described in "Adding a New Application to the CDAT Main Window" section. Before creating the link, edit the startAAA script, inserting a port number that you want to consistently use to start the bundled SESM RADIUS server. Then configure the link on the CDAT window to go to the configured RDP port + 100. |
The Logger MBean configures both logging and debugging tools. The logging tool logs CDAT application activity. The debugging mechanism produces messages useful for debugging. This is the same logging and debugging mechanism used by the SESM portal applications. See the "Logger MBean" section, for more information.
The ManagementConsole MBean configures the server management console port, including valid user names and passwords for accessing the console. See the "Configuring the ManagementConsole MBean" section for more information.
All SESM applications, including this RADIUS server, internally predefine the standard RADIUS attributes and the Cisco SSG vendor-specific attributes (VSAs). You can define additional attributes, such as additional Cisco VSAs or VSAs from other vendors, in the RADIUSDictionary MBean. When you define attributes in this MBean, you can use the defined attribute names in RADIUS profiles.
|
Note You can also define dynamic attributes directly in the profile, as described in the "Dynamically Defining Attributes in Profiles for Testing and Development" section. |
For a list of the standard RADIUS attributes that are predefined in SESM, see Table C-2. For a list of the Cisco SSG VSAs that are predefined in SESM, see Table C-3.
Table D-1 describes the attributes in the RADIUSDictionary MBean.
| Attribute Name | Explanation |
|---|---|
|
name(radiusAttributeId, vendorId, vendorSubattribute, datatype) Where:
For example:
Other valid syntax formats are represented below: name([[type=]26],[vendorId=]vendorId,[vendorType=]vendorType,[dataType=]dataType) For example:
|
The AAA MBean configures the AAA listener, including its thread pool and socket (port).Table D-2 describes the configurable attributes in the AAA MBean.
| Attribute Name | Explanation |
|---|---|
Defines the type of listener being configured. The value must be AAA to configure an bundled SESM RADIUS server. | |
Default: true | |
Note The following attributes are in the AAA MBean, RADIUSListener=AAA,component=Threadpool | |
Sets the minimum number of threads that this listener will maintain during periods of low load. This listener will always have system resources allocated for this number of threads. Default: 5 | |
Sets the maximum number of threads that this listener can allocate resources for, even during peak loads. This listener can have up to this number of threads. Default: 255 | |
Note The following attributes are in the AAA MBean, RADIUSListener=AAA,component=RADIUSServerSocket | |
secret | The shared secret that must be used in RADIUS protocol messages sent to the bundled SESM RADIUS server. This attribute sets a global shared secret for all clients. To specify different shared secrets for each client, use the allowedClients attribute. |
The port the RADIUS server listens on. It uses the same port for RADIUS Accounting-Requests and Access-Requests. The installed configuration file defines this attribute as a Java system property, which is assigned a value at run time: application.portno | |
Note If you do not see the allowedClients attribute in the Agent View, check the configuration file (the XML file). The allowedClients attribute might be commented out. If so, remove the comment characters, save the XML file, and then restart the RADIUS server. You can add more clients by adding more elements to the allowedClients attribute. An element in allowedClients attribute has the following format:
Where: hostName or IPAddress identify a client (an SSG, for example) that has access to the server. localSecret identifies the secret that this client uses for RADIUS communication. | |
Posted: Mon Aug 26 08:31:14 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.